Governance & Risk Management , Insider Threat , Video
The Silent Threat: Negligent Users in SaaS Cybersecurity
Wing Security's Ran Senderovitz on Navigating Misconfigured SaaS RisksInsider threats continue to pose significant concerns in today's digital landscape. While malicious insiders have garnered attention due to harmful intent, negligent users often make unintentional mistakes, contributing to potential cybersecurity risks.
See Also: Gartner Guide for Digital Forensics and Incident Response
Software-as-a-service solutions present opportunities for employees to onboard a variety of tools, but SaaS inadvertently poses risks through misconfigurations and improper permissions, said Ran Senderovitz, chief operating officer, Wing Security. While significant organizational efforts are directed toward addressing malicious insiders, negligent users are widespread and tend to use tools that might not be recognized as potential risks, he said.
"Risks can come in few levels; the first one is your onboarding application that doesn't have a high security rating and compliances that your organization needs," Senderovitz said. "You can onboard a malicious application unknowingly. When you onboard an application like that, you provision wrong permissions to that application. The application gets access to manage your Google Drive to read all your information - all of these misconfigurations on user permission, data sharing or using an application that is not secure enough for your organization can become an attack surface."
In this video interview with Information Security Media Group at Black Hat USA 2023, Senderovitz also discussed:
- The risks of misconfiguration and unauthorized access;
- The need for organizations to enable productivity through SaaS applications;
- The struggle security leaders face with gaining visibility into users' application choices.
Senderovitz is a seasoned executive leader with a track record in transforming technological businesses into product, market and business leadership in Silicon platforms, communication, IoT, personal computing, AI and GFX domains.